First published: Thu Dec 19 2019(Updated: )
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaWiki MediaWiki | =1.34 | |
MediaWiki MediaWiki | =1.35 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.